Cyber Threats are Getting Harder to Combat, National Intelligence Director Says

Cybersecurity threats and attacks are getting more difficult to mitigate and protect against, Director of National Intelligence Avril Haines said during the RSA Conference Monday. This statement outlines the increasing gravity, nuance and complexity of evolving cyber challenges.

Nation-state cyber actors like China, Russia, Iran and North Korea, as well as cybercriminal organizational actors, are expanding operations, Haines said. Compounding these threats are increasing commercial availability of sophisticated offensive tools that make it difficult for U.S. national security agencies to prevent and disrupt attacks.

Alongside growing threats and attack capabilities, Haines said that the national security cybersecurity community also faces the challenge of protecting people’s privacy and civil liberties.

“As we’re increasing the amount of data that’s available, and the pandemic is a perfect example of where so much more data about us in our daily lives — whether it’s for contact tracing or other things, your health issues and so on — are becoming available,” Haines said. “Data across the board that people are able to pull together in a variety of ways, particularly using data broker, commercial-available information and so on, means that it’s much harder to maintain privacy and civil liberties in this space as you’re trying to protect people’s cybersecurity.”

Haines also said cybersecurity is blurring traditional distinctions in national security. In the national security space, for example, there are different rules for collecting information domestically and internationally. As cyber threats become a global and interconnected problem, information-gathering becomes more difficult.

Cybersecurity attacks and threats also blur the legal lines of international rules between times of conflict and peace, Haines argued. As the intelligence community continues to witness spurts of cyber incidents before physical conflicts,  it’s difficult to determine appropriate and legal intervention.

“We have seen cyber used in conflicts, but we’ve also more often seen what cyber incidents look like before you get to a conflict and before anybody is willing to call it a conflict,” Haines said. “This question of when you shift from one realm to the other is important because it gives you additional response options from an international legal perspective, but it’s also important in terms of how you’re developing the rules of the road.”

Haines also said the lines between private and public security and authority in cyberspace are becoming more indistinct, making threat mitigation difficult without strengthened collaboration.

“So much of our critical infrastructure, our cyber infrastructure is privately owned, and that obviously has an implication for us in terms of trying to protect it and think about it in the context of national security,” Haines said. “Throughout history, we’ve not been so good at it from a government perspective, [but we have to] collaborate with the private sector in really intense ways in order to really address the challenges that we’re facing.”

Amid this final challenge, Haines called upon government to improve partnerships, adding that collaboration has grown in some respects, but the intelligence and national security communities could see more progress.

“We’ve started to do some work where we bring in essentially private-sector companies, do some analytics work with them, learn from them, trying to do more of that on a more systemic basis,” Haines said. “We can actually begin to compare notes, and we have some interesting and useful information and also some terrific analysts on different issues. … that can help to contextualize things in a way that gives you a better strategic picture.”